relay access denied mail from outside to any user on server

Discussion in 'Server Operation' started by abcinc, Jul 20, 2013.

  1. abcinc

    abcinc New Member

    Ubuntu 10.04, Dovecot 2.3, postfix 2.7, sasl

    web5 postfix/smtpd[9255]: warning: 209.85.160.175: hostname mail-gh0-f175.google.com verification failed: Name or service not known
    web5 postfix/smtpd[9255]: connect from unknown[209.85.160.175]
    web5 postfix/trivial-rewrite[9306]: warning: table "mysql:/etc/postfix/sender_dependent_default_transport_maps.mysql.conf": empty lookup result for: "dave@change.org" -- ignored
    web5 postfix/smtpd[9255]: NOQUEUE: reject: RCPT from unknown[209.85.160.175]: 554 5.7.1 <dave@change.org>: Relay access denied; from=<abc@gmail.com> to=<dave@change.org> proto=ESMTP helo=<mail-gh0-f175.google.com>
    Jul 19 20:11:06 web5 postfix/smtpd[9255]: disconnect from unknown[209.85.160.175


    dovecot.conf
    default_login_user = ****

    protocols = imap pop3 imaps pop3s
    disable_plaintext_auth = No
    ssl = no
    mail_uid = ****
    mail_gid = ****
    listen = *

    mail_location = maildir:/var/vmail/%d/%n
    passdb sql {
    driver = sql
    args = /usr/local/etc/dovecot/dovecot-sql.conf

    }

    userdb {
    args = /usr/local/etc/dovecot/dovecot-sql.conf
    driver = sql
    }

    protocol imap {
    # imap_max_line_length = 64 k
    }

    protocol lda {
    # auth_socket_path = /usr/local/var/run/dovecot/auth-master
    # postmaster_address = admin@hosting.com
    # sendmail_path = /usr/lib/sendmail
    }
    # auth_verbose=no
    # auth_debug = no
    # auth_debug_passwords = no

    # protocol pop3 {
    # pop3_uidl_format = %08Xu%08Xv
    # }

    !include conf.d/*.conf

    Postfix main.cf
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    # TLS parameters
    smtpd_tls_cert_file = /etc/ssl/certs/mail5.hosting.com.crt
    smtpd_tls_key_file = /etc/ssl/private/www.key
    smtpd_use_tls=yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    #vhost with mysql params
    #virtual_alias_domains needs to be unset
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    #virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    virtual_transport = dovecot
    dovecot_destination_recipient_limit = 1
    myhostname = mail5.hosting.com
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = mail5.abcsitehosting.com, localhost, localhost.localdomain
    mynetworks = 127.0.0.0/8, 192.168.6.0/24, 127.0.0.1,
    # mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = no
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_local_domain =
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks permit_auth_destination, reject_unauth_destination
    # relayhost = 127.0.0.1
    # SMTP Authentication (SASL)
    sender_dependent_default_transport_maps = mysql:/etc/postfix/sender_dependent_default_transport_maps.mysql.conf
    relay_recipient_maps = mysql:/etc/postfix/relay_recipient_maps.mysql.conf
    transport_maps = mysql:/etc/postfix/sender_dependent_default_transport_maps.mysql.conf
    virtual_alias_domains = mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_domains.cf
    daemon_timeout = 180s
    # default_transport = smtpd
    notify_classes = resource
    delay_warning_time = 1
    default_database_type = sql

    Postfix master.cf

    ==========================================================================
    # service type private unpriv chroot wakeup maxproc command + args
    # (yes) (yes) (no) (never) (100)
    # ==========================================================================
    smtp inet n - y - 1000 smtpd -v
    smtps inet n - - - - smtpd
    -o smtpd_tls_wrappermode=yes
    submission inet n - - - - smtpd
    # -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING
    pickup fifo n - - 60 1 pickup
    -o content_filter=
    -o receive_override_options=no_header_body_checks
    cleanup unix n - - - 0 cleanup
    qmgr fifo n - n 300 1 qmgr
    tlsmgr unix - - - 1000? 1 tlsmgr
    rewrite unix - - - - - trivial-rewrite
    bounce unix - - - - 0 bounce
    defer unix - - - - 0 bounce
    trace unix - - - - 0 bounce
    verify unix - - - - 1 verify
    flush unix n - - 1000? 0 flush
    proxymap unix - - n - - proxymap
    proxywrite unix - - n - 1 proxymap
    smtp unix - - - - - smtp
    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
    relay unix - - - - - smtp
    -o smtp_fallback_relay=
    showq unix n - - - - showq
    error unix - - - - - error
    retry unix - - - - - error
    discard unix - - - - - discard
    local unix - n n - - local
    virtual unix - n n - - virtual
    lmtp unix - - - - - lmtp
    anvil unix - - - - 1 anvil
    scache unix - - - - 1 scache
    dovecot unix - n n - - pipe flags=DRhu user=****:**** argv=/usr/lib/dovecot/deliver -d ${recipient}

    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop unix - n n - - pipe
    flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}

    uucp unix - n n - - pipe
    flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)

    ifmail unix - n n - - pipe
    flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp unix - n n - - pipe
    flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix - n n - 2 pipe
    flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman unix - n n - - pipe
    flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
    ${nexthop} ${user}
    # amavis unix - - - - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
    127.0.0.1:10025 inet n - - - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

    mail.log
    connect from unknown[72.51.185.45]
    web5 postfix/smtpd[4651]: match_list_match: unknown: no match
    web5 postfix/smtpd[4651]: match_list_match: 72.51.185.45: no match
    web5 postfix/smtpd[4651]: match_list_match: unknown: no match
    web5 postfix/smtpd[4651]: match_list_match: 72.51.185.45: no match
    web5 postfix/smtpd[4651]: match_hostname: unknown ~? 127.0.0.0/8
    web5 postfix/smtpd[4651]: match_hostaddr: 72.51.185.45 ~? 127.0.0.0/8
    web5 postfix/smtpd[4651]: match_hostname: unknown ~? 192.168.6.0/24
    web5 postfix/smtpd[4651]: match_hostaddr: 72.51.185.45 ~? 192.168.6.0/24
    web5 postfix/smtpd[4651]: match_hostname: unknown ~? 127.0.0.1
    web5 postfix/smtpd[4651]: match_hostaddr: 72.51.185.45 ~? 127.0.0.1
    web5 postfix/smtpd[4651]: match_list_match: unknown: no match
    web5 postfix/smtpd[4651]: match_list_match: 72.51.185.45: no match
    web5 postfix/smtpd[4651]: send attr request = connect
    web5 postfix/smtpd[4651]: send attr ident = smtp:72.51.185.45
    web5 postfix/smtpd[4651]: private/anvil: wanted attribute: status
    web5 postfix/smtpd[4651]: input attribute name: status
    web5 postfix/smtpd[4651]: input attribute value: 0
    web5 postfix/smtpd[4651]: private/anvil: wanted attribute: count
    web5 postfix/smtpd[4651]: input attribute name: count
    web5 postfix/smtpd[4651]: input attribute value: 1
    web5 postfix/smtpd[4651]: private/anvil: wanted attribute: rate
    web5 postfix/smtpd[4651]: input attribute name: rate
    web5 postfix/smtpd[4651]: input attribute value: 1
    web5 postfix/smtpd[4651]: private/anvil: wanted attribute: (list terminator)
    web5 postfix/smtpd[4651]: input attribute name: (end)
    web5 postfix/smtpd[4651]: > unknown[72.51.185.45]: 220 mail5.hosting.com ESMTP Postfix (Debian/GNU)
    web5 postfix/smtpd[4651]: xsasl_dovecot_server_create: SASL service=smtp, realm=(null)
    web5 postfix/smtpd[4651]: name_mask: noanonymous
    web5 postfix/smtpd[4651]: xsasl_dovecot_server_mech_filter: keep mechanism: PLAIN
    web5 postfix/smtpd[4651]: smtp_get: EOF
    web5 postfix/smtpd[4651]: match_hostname: unknown ~? 127.0.0.0/8
    web5 postfix/smtpd[4651]: match_hostaddr: 72.51.185.45 ~? 127.0.0.0/8
    web5 postfix/smtpd[4651]: match_hostname: unknown ~? 192.168.6.0/24
    web5 postfix/smtpd[4651]: match_hostaddr: 72.51.185.45 ~? 192.168.6.0/24
    web5 postfix/smtpd[4651]: match_hostname: unknown ~? 127.0.0.1
    web5 postfix/smtpd[4651]: match_hostaddr: 72.51.185.45 ~? 127.0.0.1
    web5 postfix/smtpd[4651]: match_list_match: unknown: no match
    web5 postfix/smtpd[4651]: match_list_match: 72.51.185.45: no match
    web5 postfix/smtpd[4651]: send attr request = disconnect
    web5 postfix/smtpd[4651]: send attr ident = smtp:72.51.185.45
    web5 postfix/smtpd[4651]: private/anvil: wanted attribute: status
    web5 postfix/smtpd[4651]: input attribute name: status
    web5 postfix/smtpd[4651]: input attribute value: 0
    web5 postfix/smtpd[4651]: private/anvil: wanted attribute: (list terminator)
    web5 postfix/smtpd[4651]: input attribute name: (end)
    web5 postfix/smtpd[4651]: lost connection after CONNECT from unknown[72.51.185.45]
    Jul 19 18:09:34 web5 postfix/smtpd[4651]: disconnect from unknown[72.51.185.45]
    Jul 19 18:09:34 web5 postfix/smtpd[4651]: master_notify: status 1
    Jul 19 18:09:34 web5 postfix/smtpd[4651]: connection closed

    result is Relay access denied sending email from gmail to user on server.

    Please help
    This was solved by changing the transports from virtual: to local. Some tutorial had me do virtual:
     
    Last edited: Jul 21, 2013

Share This Page